Infermal and Inferno: Can We Fight DNS Abuse Without Harming Legitimate Users?

A new research report sheds light on malicious domain registration patterns—a valuable step toward tackling DNS abuse. But as I read it, I was reminded of a growing tension in this space: in our eagerness to fight bad actors, are we overlooking the rights of legitimate users?

The report rightly highlights risks around issues like pricing incentives, reactive measures in trademark infringement, and anonymous payment methods. Yet its framing leans heavily toward identifying “abuse vectors,” without asking how these same features—affordability, privacy, flexibility—also serve human rights defenders, journalists, and everyday users.

Methodology weaknesses

While the report does examine factors like pricing, payment methods, and discount structures, its methodology remains incomplete. It treats these elements largely as static risk factors, without exploring how different technical behavioral patterns or attacker profiles might interact with them. Not all malicious actors behave the same way, nor do all types of abuse rely equally on domain registration incentives. For example, the strategic choice between abusing domain registration and compromising hosting infrastructure is driven by different motivations, costs, and risk assessments. By not differentiating across types of attackers or attack strategies, the analysis risks flattening a complex landscape. A more robust approach would consider not just what infrastructure is used, but how attacker behavior varies across abuse types and how legitimate users are affected differently by the same infrastructure features.

Lack of consideration of legitimate use of the features

For example, discounts and low fees can enable broad access to digital infrastructure, not just abuse. Trademark enforcement through UDRP is important, but it is not DNS abuse according to ICANN's DNS abuse definition, and since this is an ICANN-commissioned report, we need to be very careful not to conflate the issues.

Overly proactive measures risk overreach, especially when other remedies, such as abuse reporting to hosts, are available.

The report’s language around payment methods is troublingly one-sided. For instance, it states that anonymity in payments (e.g. via cryptocurrency or PayPal) is a tactic to “avoid attribution.”

This happens with no meaningful consideration that anonymity is also crucial for legitimate actors in repressive contexts.

The report further states that “Porkbun accepts various forms of cryptocurrencies, they warn that the identity of the registrants may be verified so that they do not engage in malicious activities. Interestingly, only a small fraction of maliciously registered domains were purchased at Porkbun.”

The above statement could have a chilling effect on anonymous domain name registration, and be used to support mandatory identification of domain name registrants. Human rights advocates, investigative journalists, and vulnerable users frequently rely on privacy-protective and anonymous domain registration to operate safely. For many legitimate actors, anonymous domain ownership might be a lifeline.

Another point that we need to discuss extensively is that patterns of behavior in malicious registration cannot be the sole basis for our policy choices or research topics. Even where such a pattern exists, DNS abuse mitigation needs to rely on actual evidence. This is why the premature filtering that some registries do can have adverse effects.

Research on DNS abuse is necessary. But without a more holistic, rights-respecting lens, we risk closing down the very spaces activists and vulnerable communities and end users depend on. It’s time for abuse mitigation conversations to better align security with rights—because keeping the Internet open and safe should not lead to closing it down for legitimate users.
